Hello,
I recently struggled with combining sslh and nginx, daisy-chaining ip-transparent connections, and realised it is the same problem other users reported when using stunnel. Now that I have found a fix which solves my problem with sslh, I looked into the stunnel code and adapted my proposed fix for stunnel:
diff client.c_original client.c 1721a1722,1723
if (setsockopt(c->fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on)) sockerror("setsockopt SO_REUSEADD");
1769a1772,1776
int on = 1; #ifdef IP_TRANSPARENT if (setsockopt(c->fd, SOL_IP, IP_TRANSPARENT, &on, sizeof on)) sockerror("setsockopt SO_IP_TRANSPARENT");> #endif
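Review bot: In the first hunk (1721a1722,1723) the error string reads "setsockopt SO_REUSEADD", missing the final R, so searching logs for SO_REUSEADDR will not find this failure. The call also takes &on, while the only declaration visible in the patch, int on = 1;, is added by the second hunk at line 1772; please confirm a variable of that name is already in scope at line 1722, or declare it here. On failure only sockerror() is called and execution continues, so state whether carrying on without SO_REUSEADDR is intended.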
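Review bot: In the second hunk (1769a1772,1776) the message "setsockopt SO_IP_TRANSPARENT" names an option that does not exist; the option being set is IP_TRANSPARENT, and the message should say so. The only guard visible is the compile-time #ifdef IP_TRANSPARENT, so as far as these lines show the option is requested on every outgoing socket; IP_TRANSPARENT requires CAP_NET_ADMIN, so it should be gated on the transparent-source configuration to avoid a logged error on every connection of an unprivileged, non-transparent setup. The call is made at SOL_IP only, which does not cover AF_INET6 sockets; those need IPV6_TRANSPARENT at SOL_IPV6.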
I described my findings here in detail: https://github.com/ftasnetamot/sslh/blob/2024-07-28--documentation/doc/Daisy...
This article helped me to figure out what is wrong: https://blog.cloudflare.com/how-to-stop-running-out-of-ephemeral-ports-and-s...
Some weeks earlier I also wrote two documents describing how to configure ip-transparent connections only with routing and no firewall rules involved. The same works 1:1 with stunnel.
https://github.com/yrutschle/sslh/blob/master/doc/simple_transparent_proxy.m...
https://github.com/yrutschle/sslh/blob/master/doc/scenarios-for-simple-trans...
Happy tunneling
.f